Win32/Kryptik.HPCC removal instruction

The Win32/Kryptik.HPCC is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager process list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to fully scan and clean your PC during the TRIAL period.
6-day free trial available.

What can the Win32/Kryptik.HPCC virus do?

  • SetUnhandledExceptionFilter detected (possible anti-debug)
  • Behavioural detection: Executable code extraction – unpacking
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Creates RWX memory
  • Possible date expiration check, exits too soon after checking local time
  • Dynamic (imported) function loading detected
  • A process created a hidden window
  • CAPE extracted potentially suspicious content
  • Unconventional language used in binary resources: Manipuri
  • Authenticode signature is invalid
  • Behavioural detection: Injection (Process Hollowing)
  • Executed a process and injected code into it, probably while unpacking
  • Detects Sandboxie through the presence of a library
  • Detects Avast Antivirus through the presence of a library
  • Behavioural detection: Injection (inter-process)
  • Created a process from a suspicious location
  • Checks the presence of disk drives in the registry, possibly for anti-virtualization

How to identify Win32/Kryptik.HPCC?

File Info:

name: F5F27C019E1955D9FBE6.mlw
path: /opt/CAPEv2/storage/binaries/a3a05cd2e676ebb497a54868ae2be71c81f49bcc74b6e6a8955e97270bf9dcaa
crc32: 580EFF7E
md5: f5f27c019e1955d9fbe69155b26c2be0
sha1: b0806a276f1903e3022e9569ff5bbdbe19e15ccd
sha256: a3a05cd2e676ebb497a54868ae2be71c81f49bcc74b6e6a8955e97270bf9dcaa
sha512: 9a3dd571a8f8c8df1968884d63b5f6c9203e1fb99a18c482635493a6143cc6bb91b840bf7ed33b3b0a77416ecb7ecac0267a66275ae4ce6e03e044f57dd590ea
ssdeep: 3072:W1Xvt9SBRYML4gmEGJbiUTt/LT7LHwFM/h3g2l:6vCBRYML49JmUtzTnQFm
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1DD349D717292C871C09EE230A475DFB509BEAC725A24098777B43B2F6E722C065B536F
sha3_384: b3c7f5c9437d5d247b62bab0b096b362b933ee94c81a9695a7d0b81990f68a415fdd0344fc54f292a8a6a542b0b4f132
ep_bytes: e8f2370000e989feffff8bff558bec68
timestamp: 2020-12-10 08:37:52

Version Info:

FileVersion: 34.42.11.13
Copyrighz: Copyright (C) 2022, pazkarte
ProjectVersion: 25.13.80.11

Win32/Kryptik.HPCC also known as:

Bkav: W32.AIDetect.malware2
Lionic: Trojan.Win32.Strab.4!c
DrWeb: Trojan.Siggen17.34211
MicroWorld-eScan: Trojan.GenericKD.48802520
FireEye: Generic.mg.f5f27c019e1955d9
CAT-QuickHeal: Trojan.GenericPMF.S27491928
McAfee: Packed-GDT!F5F27C019E19
Cylance: Unsafe
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Trojan ( 005908661 )
Alibaba: Ransom:Win32/StopCrypt.c9379702
K7GW: Trojan ( 005908661 )
Cyren: W32/Agent.EHR.gen!Eldorado
Symantec: Packed.Generic.525
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/Kryptik.HPCC
TrendMicro-HouseCall: TROJ_GEN.R002C0DD722
Paloalto: generic.ml
Kaspersky: HEUR:Trojan.Win32.Strab.gen
BitDefender: Trojan.GenericKD.48802520
Avast: Win32:AceCrypter-R [Cryp]
Tencent: Trojan-Spy.Win32.Stealer.16000356
Ad-Aware: Trojan.GenericKD.48802520
Emsisoft: Trojan.Crypt (A)
Zillya: Trojan.Kryptik.Win32.3734256
TrendMicro: TROJ_GEN.R002C0DD722
McAfee-GW-Edition: Packed-GDT!F5F27C019E19
Sophos: Mal/Generic-R + Troj/Krypt-IR
Ikarus: Trojan-Spy.Agent
GData: Win32.Trojan.PSE.KRFJIY
Jiangmin: TrojanSpy.Stealer.sfl
MAX: malware (ai score=88)
ZoneAlarm: HEUR:Trojan.Win32.Strab.gen
Microsoft: Ransom:Win32/StopCrypt.PBF!MTB
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.MalPE.R482127
Acronis: suspicious
ALYac: Trojan.GenericKD.48802520
Malwarebytes: Trojan.MalPack.GS
APEX: Malicious
Rising: Trojan.Kryptik!1.D977 (CLOUD)
SentinelOne: Static AI – Suspicious PE
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/Kryptik.HPCC!tr
AVG: Win32:AceCrypter-R [Cryp]
Panda: Trj/GdSda.A
CrowdStrike: win/malicious_confidence_100% (W)

How to remove Win32/Kryptik.HPCC?

Win32/Kryptik.HPCC removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.